Spike in Sim-swap fraud

Mobile operators are reporting a sharp increase in Sim-swap fraud, where fraudsters request the companies to swap out Sims so that they can get the one-time Pins needed to perform transactions using Internet banking.

Criminals do this to compromise consumers’ bank accounts and steal their money, but operators say they are doing their best to curb the problem.

Earlier this month, Moneyweb reported that an MTN customer had lost R97 000 from his Absa account as a result of this type of fraud.

MTN chief customer experience officer Eddie Moyce denied that the company was liable, saying all operators face the problem and that it was investigating all instances of Sim-swap fraud and working to improve its security systems to tackle the problem.

“With regard to fraud that is committed on customers’ bank accounts, there seems to be a misplaced belief that mobile network operators are liable,” Moyce added.

“The mobile network operators are not liable. This is based on the fact that in order to commit a fraud on a customer’s bank account, a fraudster must have their bank card/account number, Internet banking Pin and password. Our courts have already held that a Sim-swap does not in itself enable a fraudster to commit fraud on a customer’s bank account.”

Vodacom spokesman Nomsa Thusi says her company is aware of in the region of 50 cases of Sim-swap fraud a month. There has been a marked increase in the number of cases in the past year, with the problem previously having been limited to two or three cases a month.

“The past year has seen a noticeable increase,” she says, adding that Vodacom processes around 200 000 Sim swaps each month. Although that may make the reported cases look minor, Thusi says Vodacom takes any fraud “very seriously”.

In instances where Sim-swap fraud does happen, fraudsters need to have extensive information about the victim. Identity fraud is a “necessary precursor” in such instances. “Personal information has to be compromised,” Thusi adds.

“Fraudsters work in syndicates and try to steal customers’ identities through phishing attacks or other methods. Once they’ve got a customer’s personal details, ID number, phone number and other information, they then present themselves as the customer and request a Sim swap.”

According to Thusi, fraudsters clearly have information about their intended victims before the Sim swap is performed because the victims “are usually people with large amounts of money in their bank accounts”.

She says Vodacom has a number of systems in place to protect customers against this sort of fraud. “I can’t discuss the measures in detail in terms of the checks we perform but the bottom line is the customer has to be verified against the information on our system to start with.”

Once a customer is cleared for a Sim swap, an SMS notification is sent to the corresponding mobile number to alert the customer that this has been requested and that they should contact Vodacom immediately if they didn’t ask for it.

There is a delay between a Sim-swap request and its being processed to allow customers time to cancel it if it has been requested in error or fraudulently. “Sometimes customers ignore these messages,” Thusi says.

Vodacom is taking additional measures to prevent fraud, including implementing a Pin system that will see users creating a Pin for use with the Vodacom call centre. This Pin will replace the usual security questions and will be required for all services. — (c) 2013 NewsCentral Media